Operation Manual
Protect Your Network
Chapter 6-A
Prevention of Denial of Service Attacks
6-A.1 Introduction
The DoS Defense functionality helps you detect and mitigate DoS attacks.
These attacks fall into two types: flooding-type attacks and vulnerability
attacks. Flooding-type attacks attempt to use up all of your system's
resources, while vulnerability attacks try to paralyze the system by exploiting
vulnerabilities in the protocol or operating system.
The DoS Defense Engine inspects each incoming packet against the attack
signature database. Any packet that may paralyze the host in the security
zone is blocked and a syslog message is sent to the client. The DoS
Defense Engine also monitors traffic behavior. Any abnormal situation that
violates the administrator's configuration is reported, and the corresponding
defense function is performed to mitigate the attack.
The DoS/DDoS defense function can detect and protect against the following attacks:
1. SYN flood attack
2. UDP flood attack
3. ICMP flood attack
4. TCP Flag scan
5. Trace route
6. IP options
7. Unknown protocol
8. Land attack
9. Smurf attack
10. SYN fragment
11. ICMP fragment
12. Tear drop attack
13. Fraggle attack
14. Ping of Death attack
15. TCP/UDP port scan
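The two mechanisms described in the introduction, per-packet signature checks and behavior monitoring against an administrator-set threshold, shown for the SYN flood and the stateless items in the list. This is an added example, not the device's own engine; the packet record, broadcast address, flag encoding, threshold values and the exact rule conditions are assumptions based on the standard definitions of these attacks.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
@dataclass
class Pkt:                  # constructed, simplified header record (hypothetical)
    ts: float               # arrival time in seconds
    src: str
    dst: str
    proto: int              # IP protocol number: 1 ICMP, 6 TCP, 17 UDP
    flags: str = ""         # TCP flags as a canonical string, "" = none set
    frag_off: int = 0       # fragment offset in bytes
    mf: bool = False        # More Fragments bit
    length: int = 0         # payload bytes carried by this fragment
    dport: int = 0
    options: bool = False   # IP header carries options

BROADCAST = {"192.0.2.255"}          # assumed broadcast address of the protected zone
BAD_FLAGS = {"", "SF", "SR", "FPU"}  # null, SYN+FIN, SYN+RST, Xmas
RULES = [                            # stateless signatures, evaluated in order
    ("Land attack",      lambda p: p.src == p.dst),
    ("Ping of Death",    lambda p: p.frag_off + p.length > 65535),
    ("SYN fragment",     lambda p: p.proto == 6 and "S" in p.flags and (p.mf or p.frag_off > 0)),
    ("ICMP fragment",    lambda p: p.proto == 1 and (p.mf or p.frag_off > 0)),
    ("Smurf attack",     lambda p: p.proto == 1 and p.dst in BROADCAST),
    ("Fraggle attack",   lambda p: p.proto == 17 and p.dst in BROADCAST and p.dport in (7, 19)),
    ("TCP flag scan",    lambda p: p.proto == 6 and p.flags in BAD_FLAGS),
    ("IP options",       lambda p: p.options),
    ("Unknown protocol", lambda p: p.proto not in (1, 6, 17)),  # simplification
]

class FloodMonitor:         # behavior check: SYNs per destination in a sliding window
    def __init__(self, threshold=50, window=1.0):   # assumed administrator settings
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(deque)
    def check(self, p):
        if p.proto != 6 or p.flags != "S":
            return None
        q = self.seen[p.dst]
        q.append(p.ts)
        while p.ts - q[0] > self.window:     # drop SYNs older than the window
            q.popleft()
        return "SYN flood" if len(q) > self.threshold else None

def inspect(packets, monitor):
    alerts = []
    for p in packets:
        hit = next((name for name, rule in RULES if rule(p)), None) or monitor.check(p)
        if hit:
            alerts.append((p.src, p.dst, hit))   # stand-in for block + syslog message
    return alerts
```

Signature hits are decided from a single packet, while the flood alert depends on state kept across packets, which is why the threshold and window are the values an administrator has to tune.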